EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 7: Linux and Mac Forensics
         
QID: 808  
   
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A:    The system files have been copied by a remote attacker
B:    The system administrator has created an incremental backup
C:    The system has been compromised using a t0rn rootkit
D:    Nothing in particular as these can be operational files
 
         

 
 




Community Comments:

Krishna on 28/03/2025
Opted Answer: C
https://honeynet.onofri.org/scans/scan19/scan19.html
Zer0.tar.gz and copy.tar.gz are files associated with the installation and deployment of t0rn rootkit
















